VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Core 2 45nm (1067a); 2009 Intel Core 2 Duo E7600; 2 x 3060MHz; wolfdale, supercop-20241022

[Page version: 20241215 22:59:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
406864127442174
T:
jacfp127i
425384318843847
T:
kumjacfp127g
473264784348586
T:
prjfp127i
486954922550048
T:
hecfp127i
702717097372031
T:
ecfp256e
734147399774479
T:
jacfp128bk
742477465375676
T:
ecfp256h
768127726777946
T:
ecfp256s
828718351384333
T:
ecfp256q
869058770689190
T:
hecfp128fkt
872748788589368
T:
hecfp128bk
873618798989440
T:
hecfp128i
875998842289472
T:
prjfp128bk
123430124886126544
T:
gls1271
127925128838130243
T:
curve2251
179299179438180065
T:
kumfp127g
292368292921294828
T:
curve25519
314754314888315052
T:
kumfp128g
333116334496335281
T:
ed448goldilocks
369461371103373337
T:
ecfp256i
380509386714400985
T:
hector
406136406162406237
T:
kummer
416301418695420603
T:
surf127eps
422362425468428917
T:
sclaus1024
497644498154498651
T:
nistp256
759277763427766542
T:
surf2113
165961716612361662881
T:
ed521gs
191739019216381927105
T:
nist521gs
214569521611022176216
T:
sclaus2048
253417725424332732023
T:
claus
Cycles to compute a shared secret
25%50%75%system
183606183791184466
T:
kumfp127g
187389187613187808
T:
kumjacfp127g
242746242897243113
T:
jacfp128bk
292108292214292360
T:
jacfp127i
293029293626295138
T:
curve25519
298980299192299501
T:
prjfp128bk
306136306249306419
T:
hecfp128bk
305102315513316984
T:
gls1271
317219317373317591
T:
hecfp128fkt
327131327294327501
T:
kumfp128g
351621351658351986
T:
ecfp256e
367320367421367606
T:
ecfp256q
370391370660370937
T:
ecfp256i
380770381026381324
T:
prjfp127i
388949389138389288
T:
hecfp127i
410639412017412222
T:
kummer
414054416023418077
T:
surf127eps
423513427001433339
T:
sclaus1024
438097438235438321
T:
ecfp256h
458307458634460650
T:
ecfp256s
525064530332531258
T:
curve2251
693132693534694169
T:
hecfp128i
755182764827766745
T:
surf2113
103093210357841037540
T:
ed448goldilocks
116233011629061164580
T:
nistp256
128312912868151299440
T:
hector
165287916545861657262
T:
ed521gs
191292319146211916046
T:
nist521gs
214595321823212207115
T:
sclaus2048
253793825655512756463
T:
claus